General
Target: Deberes.exe
Size: 43KB
Sample: 240430-zdbd7afd4y
MD5: e33cdb7bc85a599303a6716d0b9a6db7
SHA1: 5417a44b343e67c72483acc60bfc2d09d3931646
SHA256: d425106858e4a0ea2c4f9ff87ccd707361cbfb65cca1fcc79cf09fcb1a01275f
SHA512: ef0f5b3723a6190ce711eba51a55ec7856010d8c26d9ef6212bdba30fa2ed039a8d0eb80021d648eca67ea9de343d2b7ceab0d392353728d0ef219d7b0c82474
SSDEEP: 768:rZYd/mil8ZcouS+QemRBxUPJftwBG72EvuAN5kTvCOTgUHv35BMCl:VYVmil8Z5xemR7StwMfuADyCGgUv5J
Static task: static1
Behavioral task: behavioral1
Sample: Deberes.exe
Resource: win10v2004-20240419-en
Malware Config
Targets
Target: Deberes.exe
Score: 10/10
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visibility of hidden/system files in Explorer
- Disables RegEdit via registry modification
- Disables cmd.exe use via registry modification
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 2
Registry Run Keys / Startup Folder: 1
Winlogon Helper DLL: 1
Privilege Escalation
Boot or Logon Autostart Execution: 2
Registry Run Keys / Startup Folder: 1
Winlogon Helper DLL: 1